中图分类号： TN915.08
文献标识码： A
DOI：10.16157/j.issn.0258-7998.222641
中文引用格式： 吕乐乐，董伟，赵云飞，等. 基于Q算法的认证协议漏洞挖掘技术研究[J].电子技术应用，2022，48(10)：63-68.
英文引用格式： Lv Lele，Dong Wei，Zhao Yunfei，et al. Research on the vulnerability mining technology of authentication protocol based on Q-learning[J]. Application of Electronic Technique，2022，48(10)：63-68.

Research on the vulnerability mining technology of authentication protocol based on Q-learning

Abstract： The authentication and authorization protocol allows a third party to obtain user resources without disclosing the user password, solves the problem of third-party authorization under the cloud platform, and improves the user′s interactive experience. However, the uncertainty and complexity of the protocol in interactive processing may lead to logical loopholes in its practical application. To solve this problem, a fuzzy simulation method is proposed. By fuzzy processing the protocol interaction process, the logical loopholes of the protocol are found by using the uncertainty of the action of the protocol entity. At the same time, combined with SA-Q reinforcement learning algorithm, the agent is trained to learn the optimal fuzzy strategy and mine the loopholes intelligently. After testing, it is found that compared with the basic Q-learning algorithm, the convergence speed of this method is improved by 9.27%, which makes the model easier to converge during training and effectively improves the efficiency of vulnerability mining.

Key words : authentication authorization protocols；logical vulnerabilities；fuzzy simulation；Q reinforcement learning algorithms